protect longhorn
This commit is contained in:
@@ -2,3 +2,6 @@ namespace: longhorn-system
|
|||||||
resources:
|
resources:
|
||||||
- longhorn-deploy.yaml
|
- longhorn-deploy.yaml
|
||||||
- longhorn-ingress.yaml
|
- longhorn-ingress.yaml
|
||||||
|
- oauth2-proxy-longhorn-ingress.yaml
|
||||||
|
- oauth2-proxy-longhorn-service.yaml
|
||||||
|
- oauth2-proxy-longhorn.yaml
|
||||||
|
|||||||
@@ -12,7 +12,6 @@ spec:
|
|||||||
- hosts:
|
- hosts:
|
||||||
- longhorn.prod.panic.haus
|
- longhorn.prod.panic.haus
|
||||||
secretName: longhorn-tls
|
secretName: longhorn-tls
|
||||||
|
|
||||||
rules:
|
rules:
|
||||||
- host: longhorn.prod.panic.haus
|
- host: longhorn.prod.panic.haus
|
||||||
http:
|
http:
|
||||||
|
|||||||
17
deploy/longhorn/oauth2-proxy-longhorn-ingress.yaml
Normal file
17
deploy/longhorn/oauth2-proxy-longhorn-ingress.yaml
Normal file
@@ -0,0 +1,17 @@
|
|||||||
|
apiVersion: networking.k8s.io/v1
|
||||||
|
kind: Ingress
|
||||||
|
metadata:
|
||||||
|
name: oauth2-proxy-longhorn-ingress
|
||||||
|
namespace: longhorn-system
|
||||||
|
spec:
|
||||||
|
rules:
|
||||||
|
- host: longhorn.prod.panic.haus
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
- backend:
|
||||||
|
service:
|
||||||
|
name: oauth2-proxy-longhorn-service
|
||||||
|
port:
|
||||||
|
number: 4180
|
||||||
|
path: /oauth2
|
||||||
|
pathType: Prefix
|
||||||
12
deploy/longhorn/oauth2-proxy-longhorn-service.yaml
Normal file
12
deploy/longhorn/oauth2-proxy-longhorn-service.yaml
Normal file
@@ -0,0 +1,12 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: oauth2-proxy-longhorn-service
|
||||||
|
namespace: longhorn-system
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
app: oauth2-proxy-longhorn
|
||||||
|
ports:
|
||||||
|
- name: http
|
||||||
|
port: 4180
|
||||||
|
targetPort: 4180
|
||||||
39
deploy/longhorn/oauth2-proxy-longhorn.yaml
Normal file
39
deploy/longhorn/oauth2-proxy-longhorn.yaml
Normal file
@@ -0,0 +1,39 @@
|
|||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: oauth2-proxy-longhorn
|
||||||
|
namespace: longhorn-system
|
||||||
|
spec:
|
||||||
|
replicas: 1
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: oauth2-proxy-longhorn
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: oauth2-proxy-longhorn
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: oauth2-proxy-longhorn
|
||||||
|
image: quay.io/oauth2-proxy/oauth2-proxy:v7.8.1-arm64
|
||||||
|
args:
|
||||||
|
- --provider=keycloak
|
||||||
|
- --client-id=longhorn
|
||||||
|
- --client-secret=gxyMUP89svnEXnz128ZqNBTLxjlLpBxM
|
||||||
|
- --cookie-secret=1arlufhiIIvTT3iPexXVREeo8YDX-ZLk3k33-98FPRM=
|
||||||
|
- --oidc-issuer-url=https://sso.panic.haus/realms/panic-haus
|
||||||
|
- --cookie-domain=longhorn.prod.panic.haus
|
||||||
|
- --email-domain=*
|
||||||
|
- --session-store-type=redis
|
||||||
|
- --redis-connection-url=redis://redis-lb.redis.svc.cluster.local:6379
|
||||||
|
- --http-address=0.0.0.0:4180
|
||||||
|
- --redirect-url=https://longhorn.prod.panic.haus/oauth2/callback
|
||||||
|
- --upstream=http://longhorn-frontend.longhorn-system.svc.cluster.local:80
|
||||||
|
- --scope=openid
|
||||||
|
- --login-url=https://sso.panic.haus/realms/panic-haus/protocol/openid-connect/auth
|
||||||
|
- --validate-url=https://sso.panic.haus/realms/panic-haus/protocol/openid-connect/userinfo
|
||||||
|
- --redeem-url=https://sso.panic.haus/realms/panic-haus/protocol/openid-connect/token
|
||||||
|
- --skip-auth-regex=^(?:https?:\/\/)?longhorn\.prod\.panic\.haus\/(favicon\.ico|.*\.(?:js|css)(\.map)?)$|^\/(favicon\.ico|.*\.(?:js|css)(\.map)?)$
|
||||||
|
ports:
|
||||||
|
- containerPort: 4180
|
||||||
|
name: http
|
||||||
Reference in New Issue
Block a user